Uploaded image for project: 'OpenVZ'
  1. OpenVZ
  2. OVZ-4225

Add an ability to set netmasks for --ipadd

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: OpenVZ-legacy
    • Component/s: Containers::Userspace
    • Security Level: Public
    • Environment:
      Operating System: RHEL/CentOS 5
      Platform: x86_64 (AMD64)

      Description

      My HN has eth0 with ISP's Private VLAN and eth1 with Public WAN. The server has 8 Public IPs (5 usable) and 8 Private IPs (5 usable).

      If I create a VE and set a unique Public IP and a unique Private IP for the CT, within the VE, only the network for the first IP in the CT forwards to that network's gateway. If I reverse the order that the IP addresses are assigned, still only the first network goes through the gateway as defined on the HN.

      So, if the first address added to the CT is the Public WAN IP, then the VE in the CT can see the internet (e.g., ping google.com) but cannot see the Private VLAN (e.g., ping 10.0.0.1).

      Conversely, if the first address added to the CT is the Private VLAN IP, then the VE in the CT can see the Private VLAN (e.g., ping 10.0.0.1) but cannot see the Public WAN (e.g., ping google.com).

      I assume there is a route missing but when I check the routes, they are the same on both the HN and in the VE regardless of the order that the Private and Public IPs were assigned in the VE.

      Here are the routes in the VE:

      [root@vps102p /]# ip route
      192.0.2.0/24 dev venet0 scope host
      169.254.0.0/16 dev venet0 scope link
      default via 192.0.2.1 dev venet0

      Here are the routes in the HN

      [root@node1 ~]# ip route
      63.248.94.19 dev venet0 scope link
      63.248.94.21 dev venet0 scope link
      63.248.94.20 dev venet0 scope link
      10.0.15.52 dev venet0 scope link
      10.0.15.51 dev venet0 scope link
      63.248.94.16/29 dev eth1 proto kernel scope link src 63.248.94.18
      10.0.15.48/29 dev eth0 proto kernel scope link src 10.0.15.50
      10.0.0.0/16 via 10.0.15.49 dev eth0
      169.254.0.0/16 dev eth1 scope link
      default via 63.248.94.17 dev eth1

      (I changed my public IPs above just to keep from posting them here).

      If this isn't a bug, but a feature (only first IP in a VE routes through the gateway of the HN, then I think it probably should be implemented so that both networks are accessible.

      This should be fairly common set up and everything is so close to working as if by magic with the venet0 interface. Maybe it is just me. I just downloaded OpenVZ and I am a bit of a newbie to all this networking stuff.
      1. debian-add_ip.sh.patch
        2 kB
        Guido
      2. internal-routes
        0.3 kB
        Simon Deziel

        Issue Links

          Activity

          Hide
          mario.kleinsasser@gmail.com Mario Kleinsasser added a comment -

          (In reply to comment #30)
          > Fixed in vzctl >= 3.0.29

          Tested on latest Debian 6 base installation with custom compiled kernel.
          Kernel: Vanilla 2.6.32
          Patch: feoktistov

          vzctl: 3.0.29.1-1
          vzctl-lib: 3.0.29.1-1
          vzdump: 3.0.12-1

          All OK!

          Show
          mario.kleinsasser@gmail.com Mario Kleinsasser added a comment - (In reply to comment #30) > Fixed in vzctl >= 3.0.29 Tested on latest Debian 6 base installation with custom compiled kernel. Kernel: Vanilla 2.6.32 Patch: feoktistov vzctl: 3.0.29.1-1 vzctl-lib: 3.0.29.1-1 vzdump: 3.0.12-1 All OK!
          Hide
          dist.lists@gmail.com Hristo added a comment -

          I tested on CentOS 6 x64 HN and CentOS 6 VE template and it doesn't work 100%. vzctl understands masks in CIDR just fine, the configured mask is set in the VE properly, so this part it ok, but for some reason there is no network connectivity as soon as I add a mask to the IP. This is also true when I explicitly set /24 as mask (which seems to be the default when there is no mask configured)

          When I have no mask in the configuration then the mask inside the VE default to /24. In this case all networking in the VE works just fine. However, as soon as I try to add mask (any mask including /24) and restart the VE then there is no networking inside the VE. Again, the configured mask is set properly (checked with ifconfig inside the VE), but there is no network.

          I even tried to capture some packets on the HN using wireshark, but there were no packets coming from the VE IP.

          I have tested on two HNs with two different VEs:

          • VE with a single IP (described above) and
          • VE with two IPs from two different subnets (on a HN which has two interfaces).

          The result is that as soon as I add a mask, the IP communication for this IP/interface in the VE is lost. The other IP/interface works just fine (in the case with two IPs/subnets). Also even when I add the default mask (/24) the problem is still present.

          Tested with:
          kernel: 2.6.32-042stab037.1
          vzctl: 3.0.29.1
          NH: centos6-x64
          VE: centos6-x64 (template downloaded today)

          Show
          dist.lists@gmail.com Hristo added a comment - I tested on CentOS 6 x64 HN and CentOS 6 VE template and it doesn't work 100%. vzctl understands masks in CIDR just fine, the configured mask is set in the VE properly, so this part it ok, but for some reason there is no network connectivity as soon as I add a mask to the IP. This is also true when I explicitly set /24 as mask (which seems to be the default when there is no mask configured) When I have no mask in the configuration then the mask inside the VE default to /24. In this case all networking in the VE works just fine. However, as soon as I try to add mask (any mask including /24) and restart the VE then there is no networking inside the VE. Again, the configured mask is set properly (checked with ifconfig inside the VE), but there is no network. I even tried to capture some packets on the HN using wireshark, but there were no packets coming from the VE IP. I have tested on two HNs with two different VEs: VE with a single IP (described above) and VE with two IPs from two different subnets (on a HN which has two interfaces). The result is that as soon as I add a mask, the IP communication for this IP/interface in the VE is lost. The other IP/interface works just fine (in the case with two IPs/subnets). Also even when I add the default mask (/24) the problem is still present. Tested with: kernel: 2.6.32-042stab037.1 vzctl: 3.0.29.1 NH: centos6-x64 VE: centos6-x64 (template downloaded today)
          Hide
          mario.kleinsasser@gmail.com Mario Kleinsasser added a comment -

          Well I'am sorry, but it seems that I made a mistake yesterday. What Hristo posted is correct. Sad but true.

          (In reply to comment #32)
          > I tested on CentOS 6 x64 HN and CentOS 6 VE template and it doesn't work 100%.
          > vzctl understands masks in CIDR just fine, the configured mask is set in the VE
          > properly, so this part it ok, but for some reason there is no network
          > connectivity as soon as I add a mask to the IP. This is also true when I
          > explicitly set /24 as mask (which seems to be the default when there is no mask
          > configured)
          >

          Right. The setting is set correctly. Today I double checked it with vzlist -a.

          > When I have no mask in the configuration then the mask inside the VE default to
          > /24. In this case all networking in the VE works just fine. However, as soon as
          > I try to add mask (any mask including /24) and restart the VE then there is no
          > networking inside the VE. Again, the configured mask is set properly (checked
          > with ifconfig inside the VE), but there is no network.

          I tested it without restart and had the same behavior today.

          >
          > I even tried to capture some packets on the HN using wireshark, but there were
          > no packets coming from the VE IP.
          >
          > I have tested on two HNs with two different VEs:
          > - VE with a single IP (described above) and
          > - VE with two IPs from two different subnets (on a HN which has two
          > interfaces).
          >
          > The result is that as soon as I add a mask, the IP communication for this
          > IP/interface in the VE is lost. The other IP/interface works just fine (in the
          > case with two IPs/subnets). Also even when I add the default mask (/24) the
          > problem is still present.
          >

          Not tested at this detail level.

          Sorry once again, it seems that yesterday I wasn't careful enough.

          Show
          mario.kleinsasser@gmail.com Mario Kleinsasser added a comment - Well I'am sorry, but it seems that I made a mistake yesterday. What Hristo posted is correct. Sad but true. (In reply to comment #32) > I tested on CentOS 6 x64 HN and CentOS 6 VE template and it doesn't work 100%. > vzctl understands masks in CIDR just fine, the configured mask is set in the VE > properly, so this part it ok, but for some reason there is no network > connectivity as soon as I add a mask to the IP. This is also true when I > explicitly set /24 as mask (which seems to be the default when there is no mask > configured) > Right. The setting is set correctly. Today I double checked it with vzlist -a. > When I have no mask in the configuration then the mask inside the VE default to > /24. In this case all networking in the VE works just fine. However, as soon as > I try to add mask (any mask including /24) and restart the VE then there is no > networking inside the VE. Again, the configured mask is set properly (checked > with ifconfig inside the VE), but there is no network. I tested it without restart and had the same behavior today. > > I even tried to capture some packets on the HN using wireshark, but there were > no packets coming from the VE IP. > > I have tested on two HNs with two different VEs: > - VE with a single IP (described above) and > - VE with two IPs from two different subnets (on a HN which has two > interfaces). > > The result is that as soon as I add a mask, the IP communication for this > IP/interface in the VE is lost. The other IP/interface works just fine (in the > case with two IPs/subnets). Also even when I add the default mask (/24) the > problem is still present. > Not tested at this detail level. Sorry once again, it seems that yesterday I wasn't careful enough.
          Hide
          kir Kir Kolyshkin added a comment -

          Got you guys, thanks for the comments, the problem with the networking is a subject of OVZ-5132

          Show
          kir Kir Kolyshkin added a comment - Got you guys, thanks for the comments, the problem with the networking is a subject of OVZ-5132
          Hide
          sergeyb Sergey Bronnikov added a comment -

          Bug was fixed more than one year ago and there were no complains from reporter after fix. We believe bug fix helped and mark bug as closed.

          Show
          sergeyb Sergey Bronnikov added a comment - Bug was fixed more than one year ago and there were no complains from reporter after fix. We believe bug fix helped and mark bug as closed.

            People

            • Assignee:
              kir Kir Kolyshkin
              Reporter:
              kevin@my.walr.us Kevin Heatwole
            • Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: